About this guide


Welcome to Qualys Cloud Platform and integration of Qualys Cloud Platform with
Amazon Web Services! We'll help you get acquainted with the Qualys solutions for
integrating your AWS Cloud with the Qualys Cloud Security Platform.


About Qualys 


Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of cloud-based security and 
compliance solutions. The Qualys Cloud Platform and its integrated apps help businesses 
simplify security operations and lower the cost of compliance by delivering critical 
security intelligence on demand and automating the full spectrum of auditing, 
compliance and protection for IT systems and web applications. 


Founded in 1999, Qualys has established strategic partnerships with leading managed 
service providers and consulting organizations including Accenture, BT, Cognizant 
Technology Solutions, Deutsche Telekom, Fujitsu, HCL, HP Enterprise, IBM, Infosys, NTT, 
Optiv, SecureWorks, Tata Communications, Verizon and Wipro. The company is also a 
founding member of the Cloud Security Alliance (CSA). For more information, please visit 
www.qualys.com 


Qualys Support 


Qualys is committed to providing you with the most thorough support. Through online 
documentation, telephone help, and direct email support, Qualys ensures that your 
questions will be answered in the fastest time possible. We support you 7 days a week, 
24 hours a day. Access support information at www.qualys.com/support/ 
Introduction


Welcome to Qualys Cloud Platform that brings you solutions for securing your Cloud IT 
Infrastructure as well as your traditional IT infrastructure. In this guide we'll be talking 
about securing your Amazon AWS EC2 infrastructure using Qualys. 


Qualys Integrated Security Platform 


With Qualys Cloud Platform you get a single view of your security and compliance - in real
time. If you're new to Qualys, we recommend that you visit the Qualys Cloud Platform web
page to learn more about our cloud platform.


CLOUD PLATFORM APPS

Overview

ASSET MANAGEMENT
- Asset Inventory
- CMDB Sync

IT SECURITY
- Vulnerability Management
- Threat Protection
- Continuous Monitoring
- Indication of Compromise
- Container Security

CLOUD SECURITY
- Cloud Inventory
- Cloud Security Assessment

WEB APP SECURITY
- Web App Scanning
- Web App Firewall

COMPLIANCE
- Policy Compliance
- Security Configuration Assessment
- PCI Compliance
- File Integrity Monitoring
- Security Assessment Questionnaire

CERTIFICATE SECURITY
- Certificate Inventory
- Certificate Assessment
Qualys Support for AWS


You can now access Qualys vulnerability assessment findings in Amazon Security Hub.
The Amazon Security Hub provides a comprehensive view of the high-priority security
alerts and compliance status across your accounts. By integrating the findings from
Qualys Vulnerability Management (VM/VMDR) with Amazon Security Hub, you can get
near real-time, up-to-date visibility of your security posture in the Amazon console. These
findings, gained by the correlation of Qualys information with other data in Amazon
Security Hub, allow customers to quickly detect risks in their AWS environments and take
rapid, automated remedial actions.


Qualys AWS Cloud support provides the following features: 


- Secure EC2 Instances (IaaS) from vulnerabilities and check for regulatory compliance
on OS and Applications (Database, Middleware)
- Gain continuous security using Cloud Agents, embed them into AMIs to get complete
visibility
- Identify vulnerabilities for public facing IPs and URLs
- Secure Application using Application Scanning and Firewall solutions
- Vulnerability Scan
- Supports all AWS global regions including GovCloud
- Supports EC2 instances in Classic and VPC platform
- Qualys Cloud Agents certified to work in EC2
Qualys Sensors


Qualys sensors, a core service of the Qualys Cloud Platform, make it easy to extend your 
security throughout your global enterprise. These sensors are remotely deployable, 
centrally managed and self updating. They collect the data and automatically transmit it 
up to the Qualys Cloud Platform, which has the computing power to continuously analyze 
and correlate the information in order to help you identify threats and eliminate 
vulnerabilities. 


Virtual Scanner Appliances 
Remote scan across your networks - hosts and applications 


Cloud Agents
Continuous security view and platform for additional security


AWS Cloud Connectors
Sync cloud instances and their metadata


Internet Scanners 
Perimeter scan for edge facing IPs and URLs 


Web Application Firewalls 
Actively defend intrusions and secure applications 


Pre-requisites 
These options must be enabled for your Qualys user account. 


- Qualys Applications: Vulnerability Management (VM/VMDR), Cloud Agent (CA). Ensure 
that you have executed scans and the scan reports (including vulnerability information) 
are available in your user account. 


- Qualys Sensors: Virtual Scanner Appliances or Cloud Agents, as required 
- Ensure API Access permission is enabled for the user account 
- Manager or Unit Manager role 


- AWS Security Hub must be enabled for the desired region 


It's easy to get started


You might already be familiar with Qualys Cloud Suite, its features and user interface. If
you're new to Qualys we recommend these overview tutorials - it just takes a few minutes!

Video Tutorials get you familiar with basics


Vulnerability Management Detection and Response. (3 mins) 


Policy Compliance Overview (14 mins) 


Quick Steps: Integrating Amazon Web Services with Qualys 
Here's the user flow for integrating Qualys with AWS Security Hub. 


1 - Enabling Qualys Apps in Amazon Security Hub: AWS Security Hub (enabled for region) 
> Integrations > Qualys VM product > Enable this Integration (Accept findings). Learn 
more. 


2 - Configuring Integration with Qualys using APIs available to configure integration with 
Qualys Cloud Platform. 


3 - Configuring Insights on AWS Console (Optional). 


Helpful resources Always up to date with the information you need 


From the Community 
Qualys Training | Free self paced classes, video series, online classes 
Qualys Documentation | Getting started guides, quick references, API docs 


Qualys AWS EC2 Video Series | Learn how to discover and secure AWS assets 
Enabling Qualys Apps in Amazon Security Hub


Enabling Amazon Security Hub integration involves the following two quick steps on AWS 
console. 


Enabling Amazon Security Hub for a Specific Region 


Enabling Qualys Vulnerability Management on Amazon Security Hub Console 


Enabling Amazon Security Hub for a Specific Region 


You must enable Amazon Management Console for every region that needs to be assessed 
and included in the integration. 


Note: You can view the findings reported by Qualys only for those regions for which 
Amazon Management Console is enabled. 


Let us see the steps to enable Amazon Management Console for a region. 


1 - Go to AWS Management Console. 


[Screenshot: AWS Management Console home page, with the Region drop-down highlighted]


2 - Select the region to be enabled from the upper right-hand corner and click the region. 


3 - Click Go to Security Hub. 
The Welcome to AWS Security Hub page is displayed.


4 - Ensure that you keep the default options selected and click Enable Security Hub.


The Amazon Security Hub is then enabled for the selected region.


Enabling Qualys Vulnerability Management on Amazon Security 
Hub Console 


1 - Go to Amazon Security Hub Console. 
2 - Go to Integrations tab. 
3 - Type Qualys in Filter integrations search box. 


The Qualys: Vulnerability Management result is displayed. 


[Screenshot: Security Hub Integrations page filtered by "Qualys", showing the Qualys:
Vulnerability Management integration ("Sends findings to Security Hub") with the
Accept findings button]


4 - Click Accept findings. 
The resource policies are displayed.

Accept findings

When you choose to accept findings from an integration, the permissions necessary
to receive findings from that product are automatically assigned. AWS Security Hub
has a managed resource-level permission that provides you with a safe, easy way to
enable integrations to import findings on your behalf. Choosing 'Accept Findings'
grants the following resource-level permission. For additional setup information,
follow the integration provider's configuration instructions: Configuration
instructions

"Version": "2012-10-17",
"Statements": [
  {
    "Effect": "Allow",
    "Principal": {
      "AWS": "{ProductAccountId}"
    },
    "Action": [
      "securityhub:BatchImportFindings"
    ],
    "Resource": "{ProductArn}",
    "Condition": {
      "StringEquals": {
        "securityhub:TargetAccount":

[The dialog screenshot cuts the policy off at this point.]


5 - Click Accept findings on the resource policies to complete the integration from AWS
console. These resource policies define the permissions that the Amazon Security Hub
needs to receive findings from the product. For more information, check Managing AWS
Security Hub Product Integrations.


Once you complete the integration steps with Qualys, you can view the findings on AWS
console.
Configuring Integration with Qualys


We provide APIs (JSON) to speed up and simplify the integration process with Amazon
Security Hub. The integration process involves two quick steps with Qualys using APIs:
creating the Amazon Security Hub integration and configuring the Amazon Security Hub
integration. Once you configure it, you can use the APIs to fetch details, update the existing
configuration of Amazon Security Hub, or delete the Amazon Security Hub integration as
well.


New Integrations 


For new integrations, use the create API first and then configure the VM/VMDR app. Once you
have created the Amazon Security Hub integration, you can get the unique integration Id
using the GET API and then update the VM config (severity level, category, additional
AWS accounts, and regions) using the update API.


Create Amazon Security Hub Integration 

Configure Amazon Security Hub Integration 
Update Amazon Security Hub Integration 

Get Details of the Amazon Security Hub Integration 


Delete Amazon Security Hub Details 


Existing Integrations 


For existing Amazon Security Hub integrations, you can fetch the unique integration Id
using the GET API. You can update the VM config (severity level, category, additional AWS
accounts, and regions) using the update API.


Update Amazon Security Hub Integration 
Get Details of the Amazon Security Hub Integration 


Delete Amazon Security Hub Details 


URL to the Qualys API Server 


Before you proceed with the APIs, you need to know the Qualys API Server. The Qualys API 
URL you should use for API requests depends on the Qualys platform where your account 
is located. 


Click here to identify your Qualys platform and get the API URL 


This documentation uses the API URL for Qualys US Platform 1 
(https://qualysapi.qualys.com) in sample API requests. If you’re on another platform, 
please replace this URL with the appropriate Qualys API Server and URL for your account. 
Create Amazon Security Hub Integration
/qps/rest/2.0/add/integration/amazon/securityhub
[POST]


The first step towards the integration is the creation of the Amazon Security Hub integration. To
create the Amazon Security Hub integration, you need to provide a unique name for the
integration in the API request body. Once you create the Amazon Security Hub integration,
the response provides a unique integration identifier (id) for the Amazon Security Hub.


Input Parameters 


Parameter       Description

name={value}    (Required) Provide a unique name for the integration in the API
                request. The maximum length allowed for name is 50
                characters.


Create Amazon Security Hub Integration
API request:


curl -u 'username:password' -X POST --header 'Content-Type:application/json' \
'https://qualysapi.qualys.com/qps/rest/2.0/add/integration/amazon/securityhub' \
--data '@integration.json'


Note: "integration.json" contains the request POST data.


Request POST Data (integration.json):
{
  "name": "Demo Integration Name"
}

JSON output:
{
  "ServiceResponse": {
    "count": 1,
    "responseCode": "SUCCESS",
    "data": [
      "integrationId=40"
    ]
  }
}
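
The create-then-configure sequence as an added Python sketch (not Qualys code): it builds the two requests without sending them, takes the credentials as parameters so they need not appear on a command line or in shell history, and parses the `integrationId=NN` string returned in `data`. The environment variable names QUALYS_USER and QUALYS_PASS are assumptions of this example.

```python
import base64
import json
import os
import re
import urllib.request

# API server used in the guide's samples (Qualys US Platform 1); replace for other platforms.
API_BASE = "https://qualysapi.qualys.com"
CREATE_PATH = "/qps/rest/2.0/add/integration/amazon/securityhub"
MAX_NAME_LEN = 50  # limit stated in the Input Parameters table


def build_request(method, path, body, user, password):
    """Return an unsent urllib Request with Basic auth and a JSON body."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    data = json.dumps(body).encode() if body is not None else None
    return urllib.request.Request(
        API_BASE + path,
        data=data,
        method=method,
        headers={"Content-Type": "application/json",
                 "Authorization": "Basic " + token},
    )


def create_request(name, user, password):
    """Build the create call, rejecting names outside the documented length."""
    if not name or len(name) > MAX_NAME_LEN:
        raise ValueError(f"name must be 1-{MAX_NAME_LEN} characters")
    return build_request("POST", CREATE_PATH, {"name": name}, user, password)


def parse_integration_id(response_text):
    """Extract the id from a create response whose data holds 'integrationId=NN'."""
    svc = json.loads(response_text)["ServiceResponse"]
    if svc.get("responseCode") != "SUCCESS":
        raise RuntimeError(f"create failed: {svc.get('responseCode')}")
    for item in svc.get("data", []):
        match = re.fullmatch(r"integrationId=(\d+)", str(item).strip())
        if match:
            return int(match.group(1))
    raise RuntimeError("no integrationId in response data")


def configure_request(integration_id, vm_configs, user, password):
    """Build the follow-up call that enables VM/VMDR for the new integration."""
    path = f"{CREATE_PATH}/{int(integration_id)}/vm"
    return build_request("POST", path, {"vmConfigs": vm_configs}, user, password)


# Constructed sample: the create response shown in this guide.
SAMPLE_CREATE_RESPONSE = """{"ServiceResponse": {"count": 1,
  "responseCode": "SUCCESS", "data": ["integrationId=40"]}}"""

if __name__ == "__main__":
    # Hypothetical variable names; the fallbacks are the guide's placeholders.
    user = os.environ.get("QUALYS_USER", "username")
    password = os.environ.get("QUALYS_PASS", "password")
    req = create_request("Demo Integration Name", user, password)
    print(req.get_method(), req.full_url)
    new_id = parse_integration_id(SAMPLE_CREATE_RESPONSE)
    cfg = configure_request(new_id, [{"minSeverity": 3,
                                      "baseCategory": "Confirmed",
                                      "awsAccounts": ["111111111111"],
                                      "regions": ["eu-west-1"]}], user, password)
    print(cfg.get_method(), cfg.full_url)
```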
Configure Amazon Security Hub Integration
/qps/rest/2.0/add/integration/amazon/securityhub/{id}/vm 
[POST] 


The next step after you create the Amazon Security Hub integration is to configure it and 
enable integration with the VM/VMDR app. During the configuration, you need to provide 
the AWS account details such as AWS account ids, base category, regions, minimum 
severity level of the vulnerabilities that should be fetched from Qualys (VM/VMDR app) to 
be posted to Amazon Security Hub. Once you complete the configuration steps, the 
Amazon Security Hub Integration is enabled with VM/VMDR app. 
Input Parameters


Parameter: id={value}
Description: (Required) Unique identifier (id) assigned to the Amazon Security Hub
integration.


Parameter: vmConfigs
Description: Configuration details of the Amazon Security Hub in the following format:
"vmConfigs": [
  {
    "minSeverity":1,
    "baseCategory":"Potential",
    "awsAccounts": [
      "111111111111",
      "222222222222"
    ],
    "regions": [
      "eu-west-2",
      "eu-west-1"
    ]
  }
]
where,
minSeverity: minimum severity level of the vulnerabilities fetched from
Qualys (VM/VMDR app) to be posted on the Amazon Security Hub. By
default, it is configured to severity level 3 and above. For example, if you
set the value to 1, all findings with severity level 1 to 5 are fetched and
available on Amazon Security Hub.
baseCategory: category of the vulnerabilities fetched from Qualys
(VM/VMDR app) to be posted on the Amazon Security Hub. The valid
values are Confirmed and Potential.
By default, it is configured to Confirmed. In this case, only confirmed
vulnerabilities are included. If you configure the baseCategory as
Potential, both Potential and Confirmed vulnerabilities are included.
awsAccounts: List of AWS account ids for which AWS Security Hub is
enabled.
regions: List of AWS regions where Amazon Security Hub is enabled. As
AWS Security Hub is a regional service, you need to add all regions that are
enabled for AWS Security Hub.
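
A pre-flight check for a vmConfigs array, added here as an example and not part of the Qualys API: it validates each element against the rules in the table above and applies the minSeverity and baseCategory semantics to decide whether a given finding would be posted. The region-name pattern and the duplicate-account warning are assumptions of this example, not rules stated by the guide.

```python
import re

VALID_CATEGORIES = ("Confirmed", "Potential")
DEFAULT_MIN_SEVERITY = 3           # guide: default is severity level 3 and above
DEFAULT_BASE_CATEGORY = "Confirmed"
ACCOUNT_RE = re.compile(r"\d{12}")                 # AWS account ids are 12 digits
REGION_RE = re.compile(r"[a-z]{2}(-[a-z]+)+-\d")   # assumed shape, e.g. eu-west-2


def validate_vm_configs(vm_configs):
    """Return a list of problems found in a vmConfigs array (empty list = OK)."""
    problems = []
    seen = {}  # account id -> index of the element that first listed it
    for i, cfg in enumerate(vm_configs):
        where = f"vmConfigs[{i}]"
        sev = cfg.get("minSeverity", DEFAULT_MIN_SEVERITY)
        if isinstance(sev, bool) or not isinstance(sev, int) or not 1 <= sev <= 5:
            problems.append(f"{where}: minSeverity must be an integer 1-5")
        cat = cfg.get("baseCategory", DEFAULT_BASE_CATEGORY)
        if cat not in VALID_CATEGORIES:
            problems.append(f"{where}: baseCategory must be Confirmed or Potential")
        accounts = cfg.get("awsAccounts") or []
        if not accounts:
            problems.append(f"{where}: awsAccounts is empty")
        for acct in accounts:
            if not isinstance(acct, str) or not ACCOUNT_RE.fullmatch(acct):
                problems.append(f"{where}: {acct!r} is not a 12-digit id string")
            elif acct in seen:
                # Assumption: flagged because the GET output reports one
                # severity/category setting per account.
                problems.append(
                    f"{where}: account {acct} already in vmConfigs[{seen[acct]}]")
            else:
                seen[acct] = i
        for region in cfg.get("regions", []):
            if not isinstance(region, str) or not REGION_RE.fullmatch(region):
                problems.append(f"{where}: {region!r} does not look like a region")
    return problems


def is_forwarded(cfg, severity, category):
    """Apply the guide's minSeverity/baseCategory rules to one finding."""
    min_sev = cfg.get("minSeverity", DEFAULT_MIN_SEVERITY)
    base = cfg.get("baseCategory", DEFAULT_BASE_CATEGORY)
    allowed = VALID_CATEGORIES if base == "Potential" else ("Confirmed",)
    return severity >= min_sev and category in allowed


# Constructed sample: the first element mirrors the guide's request body,
# the second contains deliberate mistakes.
SAMPLE = [
    {"minSeverity": 1, "baseCategory": "Potential",
     "awsAccounts": ["111111111111", "222222222222"],
     "regions": ["eu-west-2", "eu-west-1"]},
    {"minSeverity": 0, "baseCategory": "potential",
     "awsAccounts": [333333333333, "111111111111"],
     "regions": ["EU-West-1"]},
]

if __name__ == "__main__":
    for problem in validate_vm_configs(SAMPLE):
        print(problem)
    print(is_forwarded(SAMPLE[0], 1, "Potential"))
```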


Configure Amazon Security Hub Integration
API request:


curl -u 'username:password' -X POST --header 'Content-Type:application/json' \
'https://qualysapi.qualys.com/qps/rest/2.0/add/integration/amazon/securityhub/{id}/vm' \
--data '@integration.json'


Note: "integration.json" contains the request POST data.
Request POST Data (integration.json):


{
  "vmConfigs": [
    {
      "minSeverity":1,
      "baseCategory":"Potential",
      "awsAccounts": [
        "111111111111",
        "222222222222"
      ],
      "regions": [
        "eu-west-2",
        "eu-west-1"
      ]
    },
    {
      "minSeverity":3,
      "baseCategory":"Confirmed",
      "awsAccounts": [
        "333333333333",
        "444444444444"
      ],
      "regions": [
        "eu-west-2",
        "eu-west-1"
      ]
    }
  ]
}


JSON output:


{
  "ServiceResponse": {
    "count": 1,
    "responseCode": "SUCCESS",
    "data": [
      "VM successfully enabled for AWS security hub."
    ]
  }
}


AWS Security Hub Integration with Qualys


Update Amazon Security Hub Integration


/qps/rest/2.0/update/integration/amazon/securityhub/{id} [POST]


/qps/rest/2.0/update/integration/amazon/securityhub/{id}/vm [PUT]


Once you configure the Amazon Security Hub integration, you can update the name,
integration or configuration details of the Amazon Security Hub integration with Qualys.


Note: If the integration is created but not enabled (VM configuration is not done) for a particular
AWS account, it gets enabled during the update request (PUT) and the details are updated
as well.
Input Parameters


Parameter: id={value}
Description: (Required) Unique identifier (id) assigned to the Amazon Security Hub integration.
The unique integration identifier (id) of the Amazon Security Hub cannot be
updated.


Parameter: vmConfigs
Description: Configuration details of the Amazon Security Hub in the following format:
"vmConfigs": [
  {
    "minSeverity":1,
    "baseCategory":"Potential",
    "awsAccounts": [
      "111111111111",
      "222222222222"
    ],
    "regions": [
      "eu-west-2",
      "eu-west-1"
    ]
  }
]
where,
minSeverity: minimum severity level of the vulnerabilities fetched from Qualys
(VM/VMDR app) to be posted on the Amazon Security Hub. By default, it is
configured to severity level 3 and above. For example, if you set the value to 1, all
findings with severity level 1 to 5 are fetched and available on Amazon Security
Hub.
baseCategory: category of the vulnerabilities fetched from Qualys (VM/VMDR app)
to be posted on the Amazon Security Hub. The valid values are Confirmed and
Potential.
By default, it is configured to Confirmed. In this case, only confirmed vulnerabilities
are included. If you configure the baseCategory as Potential, both Potential and
Confirmed vulnerabilities are included.
awsAccounts: List of AWS account ids for which AWS Security Hub is enabled.
regions: regions enabled with Amazon Security Hub. As AWS Security Hub is a
regional service, you need to add all regions that are enabled for AWS Security Hub.


Note:


- If you mention regions that are not enabled for Amazon Security Hub in the request, the
regions are skipped. Only regions that are enabled for Amazon Security Hub are updated.


- The minSeverity, baseCategory and regions are optional parameters.


Update Name of the Amazon Security Hub Integration 


Let us see an example to update the name of the Amazon Security Hub integration. 
Provide the new name for the Amazon Security Hub integration in the request. 


API request:


curl -u 'username:password' -X POST --header 'Content-Type:application/json' \
'https://qualysapi.qualys.com/qps/rest/2.0/update/integration/amazon/securityhub/{id}' \
--data '@integration.json'


Note: "integration.json" contains the request POST data.


Request POST Data (integration.json):
{
  "name": "New Qualys Demo"
}

JSON output:
{
  "ServiceResponse": {
    "data": [
      "AWS security hub integration successfully updated."
    ],
    "responseCode": "SUCCESS",
    "count":1
  }
}

Update configuration details of the Amazon Security Hub integration 

Let us now see an example to update the configuration details of the Amazon Security 
Hub integration. Provide the configuration details to be updated in the PUT request. 
API request:


curl -u 'username:password' -X PUT --header 'Content-Type:application/json' \
'https://qualysapi.qualys.com/qps/rest/2.0/update/integration/amazon/securityhub/{id}/vm' \
--data '@integration.json'


where, id is the unique integration identifier of the Amazon Security Hub
Note: "integration.json" contains the request PUT data.


Request PUT Data (integration.json):
{
  "vmConfigs": [
    {
      "minSeverity":1,
      "baseCategory":"Potential",
      "awsAccounts": [
        "111111111111",
        "222222222222"
      ],
      "regions": [
        "eu-west-2",
        "eu-west-1"
      ]
    },
    {
      "minSeverity":3,
      "baseCategory":"Confirmed",
      "awsAccounts": [
        "333333333333",
        "444444444444"
      ],
      "regions": [
        "eu-west-2",
        "eu-west-1"
      ]
    }
  ]
}


JSON output:
{
  "ServiceResponse": {
    "count": 1,
    "responseCode": "SUCCESS",
    "data": [
      "AWS accounts and their VM configuration successfully updated."
    ]
  }
}


Get Details of the Amazon Security Hub Integration 
/qps/rest/2.0/get/integration/amazon/securityhub [GET] 
/qps/rest/2.0/get/integration/amazon/securityhub/vm/ [GET] 


When you want to get details of a particular Amazon Security Hub integration, you can 
fetch the configuration and integration details using the unique integration identifier (id) 
of the Amazon Security Hub integration. For existing integrations, you can fetch the 
configuration and integration details with or without the unique integration identifier (id) 
of the Amazon Security Hub integration. 


Currently, we can only fetch details for the VM/VMDR app. 


Get configuration details of the Amazon Security Hub integration 


Let us now see an example to fetch the configuration details of Amazon Security Hub 
integration. 


API request:


curl -u 'username:password' -X GET --header 'Content-Type:application/json' \
'https://qualysapi.qualys.com/qps/rest/2.0/get/integration/amazon/securityhub/49'

OR

Note: If you are not aware of the integration ID, use the following request to fetch details
without integration Id


curl -u 'username:password' -X GET --header 'Content-Type:application/json' \
'https://qualysapi.qualys.com/qps/rest/2.0/get/integration/amazon/securityhub/'


JSON output:
{
  "ServiceResponse": {
    "count": 1,
    "responseCode":"SUCCESS",
    "data": [
      "{VM={name='Updated Qualys Demo Name',
      integrationId=49,
      customerId=223822,
      vmConfigs=[
      {awsAccountId=111111111111,
      severity=3,
      category=Potential,
      regions=[eu-west-2, eu-west-1]},
      {awsAccountId=222222222222,
      severity=3,
      category=Potential,
      regions=[eu-west-1]},
      {awsAccountId=333333333333,
      severity=3,
      category=Confirmed,
      regions=[eu-west-2, eu-west-1]},
      {awsAccountId=444444444444,
      severity=3,
      category=Confirmed,
      regions=[eu-west-2, eu-west-1]}]"
    ]
  }
}


Get integration details of the Amazon Security Hub with VM/VMDR
Let us now see an example to fetch the integration details of Amazon Security Hub with
VM/VMDR app.
API request:


curl -u 'username:password' -X GET --header 'Content-Type:application/json' \
'https://qualysapi.qualys.com/qps/rest/2.0/get/integration/amazon/securityhub/vm/'

OR

curl -u 'username:password' -X GET --header 'Content-Type:application/json' \
'https://qualysapi.qualys.com/qps/rest/2.0/get/integration/amazon/securityhub/{id}/vm/'


where, id is the unique integration identifier of the Amazon Security Hub


JSON output:
{
  "ServiceResponse": {
    "count": 1,
    "responseCode": "SUCCESS",
    "data": [
      "{name='Updated Qualys Demo Name',
      integrationId=34,
      customerId=223822,
      vmConfigs=[
      {awsAccountId=111111111111,
      severity=3,
      category=Potential,
      regions=[eu-west-2, eu-west-1]},
      {awsAccountId=222222222222,
      severity=3,
      category=Potential,
      regions=[eu-west-1]},
      {awsAccountId=333333333333,
      severity=3,
      category=Confirmed,
      regions=[eu-west-2, eu-west-1]},
      {awsAccountId=444444444444,
      severity=3,
      category=Confirmed,
      regions=[eu-west-2, eu-west-1]}]}"
    ]
  }
}
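
The `data` element of the GET response is not JSON but a key=value text inside a JSON string. The following added example (not Qualys code) parses that text and compares it with the vmConfigs that were requested, which surfaces regions that were skipped because Security Hub is not enabled there; in the sample output above, account 222222222222 reports only eu-west-1. The function names are this example's own.

```python
import json


class _Parser:
    """Recursive-descent parser for the key=value text carried in 'data'."""

    def __init__(self, text):
        self.s, self.i = text, 0

    def _peek(self):
        while self.i < len(self.s) and self.s[self.i].isspace():
            self.i += 1
        return self.s[self.i:self.i + 1]

    def _expect(self, ch):
        if self._peek() != ch:
            raise ValueError(f"expected {ch!r} at offset {self.i}")
        self.i += 1

    def value(self):
        ch = self._peek()
        if ch == "":
            raise ValueError("unexpected end of data")
        if ch == "{":
            return self._map()
        if ch == "[":
            return self._list()
        if ch == "'":                      # quoted string such as the name
            end = self.s.index("'", self.i + 1)
            text, self.i = self.s[self.i + 1:end], end + 1
            return text
        start = self.i                     # bare token: number, category, region
        while self.i < len(self.s) and self.s[self.i] not in ",]}":
            self.i += 1
        return self.s[start:self.i].strip()

    def _map(self):
        self._expect("{")
        out = {}
        while self._peek() != "}":
            eq = self.s.index("=", self.i)
            key, self.i = self.s[self.i:eq].strip(), eq + 1
            out[key] = self.value()
            if self._peek() == ",":
                self.i += 1
        self._expect("}")
        return out

    def _list(self):
        self._expect("[")
        out = []
        while self._peek() != "]":
            out.append(self.value())
            if self._peek() == ",":
                self.i += 1
        self._expect("]")
        return out


def parse_integration(response_text):
    """Return the integration as a dict; all leaf values are strings."""
    svc = json.loads(response_text)["ServiceResponse"]
    if svc.get("responseCode") != "SUCCESS":
        raise RuntimeError(f"GET failed: {svc.get('responseCode')}")
    parsed = _Parser(svc["data"][0]).value()
    return parsed.get("VM", parsed)   # one endpoint wraps the map in VM={...}


def skipped_regions(intended_vm_configs, integration):
    """(account, region) pairs that were requested but are absent from GET."""
    actual = {c["awsAccountId"]: set(c["regions"])
              for c in integration["vmConfigs"]}
    missing = []
    for cfg in intended_vm_configs:
        for acct in cfg["awsAccounts"]:
            for region in cfg.get("regions", []):
                if region not in actual.get(acct, set()):
                    missing.append((acct, region))
    return sorted(missing)


# Constructed sample modelled on the guide's GET output (two accounts only).
_DATA = ("{name='Updated Qualys Demo Name', integrationId=34, customerId=223822, "
         "vmConfigs=[{awsAccountId=111111111111, severity=3, category=Potential, "
         "regions=[eu-west-2, eu-west-1]}, {awsAccountId=222222222222, severity=3, "
         "category=Potential, regions=[eu-west-1]}]}")
SAMPLE_RESPONSE = json.dumps({"ServiceResponse": {
    "count": 1, "responseCode": "SUCCESS", "data": [_DATA]}})

if __name__ == "__main__":
    intended = [{"awsAccounts": ["111111111111", "222222222222"],
                 "regions": ["eu-west-2", "eu-west-1"]}]
    print(skipped_regions(intended, parse_integration(SAMPLE_RESPONSE)))
```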


Delete Amazon Security Hub Details
/qps/rest/2.0/delete/integration/amazon/securityhub/{id} [DELETE]
/qps/rest/2.0/delete/integration/amazon/securityhub/{id}/vm [POST]
For an Amazon Security Hub integration, you can delete the following:
- Amazon Security Hub integration
- AWS accounts associated with the Amazon Security Hub
- regions associated with the Amazon Security Hub


Note: If you have only a single region associated with the AWS account used for integration,
you cannot delete the region. Deletion of a region for an AWS account used for integration is
possible only if there are multiple regions associated with the AWS account.

Delete the Amazon Security Hub integration
API request:


curl -u 'username:password' -X DELETE --header 'Content-Type:application/json' \
'https://qualysapi.qualys.com/qps/rest/2.0/delete/integration/amazon/securityhub/{id}'


where, id is the unique integration identifier of the Amazon Security Hub


JSON output:
{
  "ServiceResponse": {
    "data": [
      "AWS security hub integration successfully deleted."
    ],
    "responseCode": "SUCCESS",
    "count":1
  }
}

Delete the accounts associated with the Amazon Security Hub
API request:


curl -u 'username:password' -X POST --header 'Content-Type:application/json' \
'https://qualysapi.qualys.com/qps/rest/2.0/delete/integration/amazon/securityhub/{id}/vm' \
--data '@integration.json'


where, id is the unique integration identifier of the Amazon Security Hub


Request POST Data (integration.json):
{
  "awsAccounts": [
    "111111111111",
    "222222222222"
  ]
}

JSON output:
{
  "ServiceResponse": {
    "data": [
      "AWS accounts successfully deleted from AWS security hub integration."
    ],
    "responseCode":"SUCCESS",
    "count":2
  }
}

Delete the regions associated with the Amazon Security Hub
API request:


curl -u 'username:password' -X POST --header 'Content-Type:application/json' \
'https://qualysapi.qualys.com/qps/rest/2.0/delete/integration/amazon/securityhub/{id}/vm/regions' \
--data '@integration.json'


where, id is the unique integration identifier of the Amazon Security Hub
Note: "integration.json" contains the request POST data.


Request POST Data (integration.json):
{
  "vmRegionConfigs": [
    {
      "awsAccounts": [
        "111111111111",
        "222222222222"
      ],
      "regions": [
        "eu-west-2"
      ]
    }
  ]
}

JSON output:
{
  "ServiceResponse" : {
    "count": 1,
    "responseCode": "SUCCESS",
    "data" : [ "Regions successfully deleted from AWS accounts in AWS security hub integration." ]
  }
}


Delete multiple regions associated with multiple accounts of the Amazon Security
Hub Integration


API request:


curl -u 'username:password' -X POST --header 'Content-Type:application/json' \
'https://qualysapi.qualys.com/qps/rest/2.0/delete/integration/amazon/securityhub/{id}/vm/regions' \
--data '@integration.json'


where, id is the unique integration identifier of the Amazon Security Hub


Note: "integration.json" contains the request POST data.


Request POST Data (integration.json):


{
  "vmRegionConfigs": [
    {
      "awsAccounts": [
        "111111111111",
        "222222222222"
      ],
      "regions": [
        "us-west-2"
      ]
    },
    {
      "awsAccounts": [
        "333333333333"
      ],
      "regions": [
        "us-west-2",
        "us-west-1"
      ]
    }
  ]
}

JSON output:
{
  "ServiceResponse" : {
    "count": 1,
    "responseCode":"SUCCESS",
    "data" : [ "Regions successfully deleted from AWS accounts in AWS security hub integration." ]
  }
}

Findings and Insights


Let us see the detailed steps for viewing findings and insights on AWS console.
View Findings on AWS Console 

Insights on AWS Console 

Troubleshooting Tips 


View Findings on AWS Console 


Before you view findings on AWS console, ensure that you have met the pre-requisites, 
completed all the configurations with AWS and Qualys, and have findings available in 
your Qualys subscription. For more information on findings, refer to Managing Findings. 


Let us see the detailed steps to view the findings.
1 - Go to Amazon Security Hub Console. 
2 - Click Findings tab. 


3 - Use pre-defined filters to view the findings. For example: Company name EQUALS 
Qualys. 


[Screenshot: Security Hub Findings page filtered by "Company name EQUALS Qualys",
listing Qualys Vulnerability Management findings with the columns Severity, Workflow
status, Company, Product, Title and Resource ID]


You can click the Title hyperlink of a finding to see more details about the finding.

Insights on AWS Console


To view Qualys-specific pre-defined filters or insights, you need to download the Cloud 
Formation template that we provide on the Qualys GitHub. 


GitHub Link for Cloud Formation template: https://github.com/Qualys 


Once you install the Cloud Formation template, the insights related to Qualys findings are
populated on AWS console.


Troubleshooting Tips 


Let us see scenarios that will help you debug the common issues. 


Scenario: Qualys Findings not visible in Qualys subscription 
Workaround: To view Qualys findings in your subscription ensure the following: 


- Qualys sensors are deployed on the endpoints 


- Vulnerability scans are conducted 


Scenario: Qualys Findings not visible on AWS console 
Workaround: To view Qualys findings on AWS console ensure the following: 


- Qualys sensors are deployed on the endpoints 
- Vulnerability assessment and findings are available in your Qualys subscription 


- Integration configuration with Qualys and AWS console is complete 


For any such issues related to Amazon Security Hub Integration with Qualys, reach out to 
Qualys Support. 